
US8205248B2 - Local verification of trusted display based on remote server verification - Google Patents

Info

Publication number
US8205248B2
Authority
US
United States
Prior art keywords
entity
computing devices
guest
identification items
initiating
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active, expires
Application number
US11/865,048
Other versions
US20090089875A1 (en)
Inventor
David C. Challener
Daryl Cromer
Howard Locker
Randall S. Springfield
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Lenovo PC International Ltd
Original Assignee
Lenovo Singapore Pte Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Lenovo Singapore Pte Ltd
Priority to US11/865,048 (US8205248B2)
Assigned to LENOVO (SINGAPORE) PTE., LTD. Assignment of assignors interest (see document for details). Assignors: CHALLENER, DAVID C., CROMER, DARYL, LOCKER, HOWARD, SPRINGFIELD, RANDALL S.
Priority to CNA2008101616918A (CN101436236A)
Publication of US20090089875A1
Application granted
Publication of US8205248B2
Assigned to LENOVO PC INTERNATIONAL. Nunc pro tunc assignment (see document for details). Assignors: LENOVO (SINGAPORE) PTE LTD.
Legal status: Active

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/12 Applying verification of the received information

Abstract

In a system with a main memory, a network adapter, and a display, a transaction security module is in communication with the network adapter. The transaction security module acts to: establish a secure identification item with an entity which positively identifies the entity; accept an application OS of the entity; and initiate a guest OS with the entity; the network adapter acting to connect with the entity subsequent to initiation of a guest OS; and the display acting to display the secure identification item subsequent to connection with the entity.

Description

FIELD OF THE INVENTION
The present invention relates generally to online banking or other arenas in which online transactions of one form or another may be managed or processed, and to arrangements for ensuring that transactions are reliably secure.
BACKGROUND OF THE INVENTION
Online computer security has presented numerous challenges over the years. The banking sector has been far from immune from this and in fact has come to represent one of the more vulnerable arenas in which security breaches can and do take place.
A perennial challenge in online banking resides in being able to verify that an online session is indeed secure. Even though a secure operating system (OS) may be employed, and a TPM (trusted platform module) can be used to verify the OS, verifying that the content of the session is secure can still be quite elusive.
Compelling needs have thus been recognized in connection with providing even more reliable safeguards to ensure reliably secure online banking transactions, while such needs of course can reasonably be addressed in a wide variety of other online arenas.
SUMMARY OF THE INVENTION
In accordance with at least one presently preferred embodiment of the present invention, a “shared secret” for use with the bank may be created, via which a secure process can be started to reliably ensure that there is no breach of online security.
In summary, one aspect of the invention provides a method comprising: establishing a secure identification item with an entity which positively identifies the entity; initiating an online session with the entity; accepting an application OS of the entity; initiating a guest OS with the entity; connecting with the entity; displaying the secure identification item.
Another aspect of the invention provides a system comprising: a main memory; a network adapter; a display; and a transaction security module in communication with the network adapter, the transaction security module acting to: establish a secure identification item with an entity which positively identifies the entity; accept an application OS of the entity; and initiate a guest OS with the entity; the network adapter acting to connect with the entity subsequent to initiation of a guest OS; and the display acting to display the secure identification item subsequent to connection with the entity.
Furthermore, an additional aspect of the invention provides a program storage device readable by machine, tangibly embodying a program of instructions executable by the machine to perform a method comprising the steps of: establishing a secure identification item with an entity which positively identifies the entity; initiating an online session with the entity; accepting an application OS of the entity; initiating a guest OS with the entity; connecting with the entity; displaying the secure identification item.
For a better understanding of the present invention, together with other and further features and advantages thereof, reference is made to the following description, taken in conjunction with the accompanying drawings, and the scope of the invention will be pointed out in the appended claims.
BRIEF DESCRIPTION OF THE DRAWINGS
FIG. 1 schematically illustrates a computer system.
FIG. 2 schematically conveys a verification process.
DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS
For a better understanding of the present invention, together with other and further features and advantages thereof, reference is made to the following description, taken in conjunction with the accompanying drawings, and the scope of the invention will be pointed out in the appended claims.
It will be readily understood that the components of the present invention, as generally described and illustrated in the Figures herein, may be arranged and designed in a wide variety of different configurations. Thus, the following more detailed description of the embodiments of the apparatus, system, and method of the present invention, as represented in FIGS. 1 through 2, is not intended to limit the scope of the invention, as claimed, but is merely representative of selected embodiments of the invention.
One or more functional units described in this specification may be labeled as a “module”, in order to more particularly emphasize their implementation independence. For example, a module may be implemented as a hardware circuit comprising custom VLSI circuits or gate arrays, off-the-shelf semiconductors such as logic chips, transistors, or other discrete components. A module may also be implemented in programmable hardware devices such as field programmable gate arrays, programmable array logic, programmable logic devices or the like.
Modules may also be implemented in software for execution by various types of processors. An identified module of executable code may, for instance, comprise one or more physical or logical blocks of computer instructions which may, for instance, be organized as an object, procedure, or function. Nevertheless, the executables of an identified module need not be physically located together, but may comprise disparate instructions stored in different locations which, when joined logically together, comprise the module and achieve the stated purpose for the module.
Indeed, a module of executable code could be a single instruction, or many instructions, and may even be distributed over several different code segments, among different programs, and across several memory devices. Similarly, operational data may be identified and illustrated herein within modules, and may be embodied in any suitable form and organized within any suitable type of data structure. The operational data may be collected as a single data set, or may be distributed over different locations including over different storage devices, and may exist, at least partially, merely as electronic signals on a system or network.
Reference throughout this specification to “one embodiment” or “an embodiment” (or the like) means that a particular feature, structure, or characteristic described in connection with the embodiment is included in at least one embodiment of the present invention. Thus, appearances of the phrases “in one embodiment” or “in an embodiment” in various places throughout this specification are not necessarily all referring to the same embodiment.
Furthermore, the described features, structures, or characteristics may be combined in any suitable manner in one or more embodiments. In the following description, numerous specific details are provided, such as examples of programming, software modules, user selections, network transactions, database queries, database structures, hardware modules, hardware circuits, hardware chips, etc., to provide a thorough understanding of embodiments of the invention. One skilled in the relevant art will recognize, however, that the invention can be practiced without one or more of the specific details, or with other methods, components, materials, etc. In other instances, well-known structures, materials, or operations are not shown or described in detail to avoid obscuring aspects of the invention.
The illustrated embodiments of the invention will be best understood by reference to the drawings, wherein like parts are designated by like numerals or other labels throughout. The following description is intended only by way of example, and simply illustrates certain selected embodiments of devices, systems, and processes that are consistent with the invention as claimed herein.
Referring now to FIG. 1, there is depicted a block diagram of an illustrative embodiment of a computer system 12. The illustrative embodiment depicted in FIG. 1 may be a notebook computer system, such as one of the ThinkPad® or ThinkCentre® series of personal computers sold by Lenovo (US) Inc. of Morrisville, N.C., however, as will become apparent from the following description, the present invention is applicable to any data processing system.
As shown in FIG. 1, computer system 12 includes at least one system processor 42, which is coupled to a Read-Only Memory (ROM) 40 and a system memory 46 by a processor bus 44. System processor 42, which may comprise one of the AMD™ line of processors produced by AMD Corporation or a processor produced by Intel Corporation, is a general-purpose processor that executes boot code 41 stored within ROM 40 at power-on and thereafter processes data under the control of operating system and application software stored in system memory 46. System processor 42 is coupled via processor bus 44 and host bridge 48 to Peripheral Component Interconnect (PCI) local bus 50.
PCI local bus 50 supports the attachment of a number of devices, including adapters and bridges. Among these devices is network adapter 66, which interfaces computer system 12 to a LAN, and graphics adapter 68, which interfaces computer system 12 to display 69. Communication on PCI local bus 50 is governed by local PCI controller 52, which is in turn coupled to non-volatile random access memory (NVRAM) 56 via memory bus 54. Local PCI controller 52 can be coupled to additional buses and devices via a second host bridge 60.
Computer system 12 further includes Industry Standard Architecture (ISA) bus 62, which is coupled to PCI local bus 50 by ISA bridge 64. Coupled to ISA bus 62 is an input/output (I/O) controller 70, which controls communication between computer system 12 and attached peripheral devices such as a keyboard, mouse, and disk drive. In addition, I/O controller 70 supports external communication by computer system 12 via serial and parallel ports. Of course, it should be appreciated that the system 12 may be built with different chip sets and a different bus structure, as well as with any other suitable substitute components, while providing comparable or analogous functions to those discussed above.
In accordance with a presently preferred embodiment of the present invention, measures are provided to ensure more secure communication over a network 100, e.g., with a bank or other entity. Preferably, a transaction security module 102 may be incorporated in system 12 to this end. The functioning of such a security module 102 will be better understood from the discussion herebelow.
FIG. 2 schematically illustrates a verification process 150 that may be carried out in accordance with a preferred embodiment of the present invention, via use of the security module 102 mentioned above.
Preferably, at essentially any time prior to conducting an online session with an outside entity such as a bank, a user may present to a bank (or other entity), one or more “shared secrets” (which can alternatively be referred to or thought of as “secure identification items”) that could be anything such as an account number, an amount of money in the account, amounts or dates of recent transactions, etc. (152).
Then, when an online session is to be started (154) using a TPM key in known manner, at the user's end the application OS of the outside entity (such as a bank) is preferably accepted (156). To then initiate a DRTM (dynamic root of trust measurement) session using the outside entity's application OS (158), a password known to the bank (or other entity) and TPM can be entered.
Subsequently, an ISO image (disk image with “.iso” extension) supplied by the bank or other entity is preferably loaded onto the user's system, and this will then preferably place the user's machine in a “guest OS” secured by the TPM (160). This guest OS will preferably only contain applications which are known to be secure (as presumably mandated and validated by the bank or other entity). Via an SSL communications protocol session, the user's machine then preferably connects with the bank or other entity (162), provides the bank with a marker such as a user ID, and then asks for “a nonce”. (A nonce is simply a random number, used to prevent “replay attacks”, wherein a third party listens in to the conversation, records the user's output and then replays that output at a later time, trying to pretend to be the user. Accordingly, it will be appreciated here that since the bank starts out with a random number and subsequent transmissions are calculated using that random number and a secret, a replay attack will inevitably fail.)
Preferably, the bank's application OS then does a quote of the Platform Configuration Registers (PCRs) of the user's machine, using the nonce as a freshness indicator. In other words, the bank's application OS will preferably use the Trusted Computing Group's standard “quote” operation on the TPM of the user's machine, using a freshness indicator. The user's machine then replies by using a TPM-stored key to do a private key digital signature of both the current platform configuration registers and the freshness indicator. The platform configuration registers allow the bank to determine what OS has been loaded into a virtual machine and what hypervisor loaded that virtual machine. (Hypervisors, as well known in the computer arts, allow different operating systems to run on the same hardware concurrently.)
At this point, the TPM key used for setting up the session essentially has proven to the bank that the user in question is definitely at hand, while the aforementioned quote has proven to the bank that it is in communication with the bank's application OS running on the user's machine. The SSL session has guaranteed that the connection is secure.
Accordingly, in accordance with a particularly preferred embodiment of the present invention, the bank (or other entity) may now send over to the application OS the previously established one or more “shared secrets” for display at the user's end (164), e.g. at display 69 in FIG. 1. Particularly, the application OS now will preferably display the one or more “secrets” on a section of the user's screen that the bank (or other entity) has determined to be in a “trusted state”. (This can be accomplished, e.g., by locking video memory through the chip set.) (More precisely, there is a concern that by displaying secrets on the screen, they would be available to malware that could do a “screen scrape” of the video memory. New chip sets have the capability of locking this memory so that it is only available to the hypervisor [and hence to the particular virtual machine that the hypervisor grants permission to].) When the user sees the one or more “secrets” appear on the screen, he or she will then understand that he or she is in secure communication with the bank (or other desired entity) and not some other (potentially hostile) entity.
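As an added illustration (not code from the patent or from Lenovo), the following Python models the exchange of steps 152 to 164 above: the bank issues a nonce, the user's machine returns a quote over its PCRs and that nonce, and the bank releases the shared secret only when the quote is fresh, authentic and matches the approved hypervisor and guest OS, so a tampered guest image or a replayed quote never causes the secret to appear. Assumptions: the TPM attestation key is modelled as an HMAC key shared with the bank instead of an asymmetric signing key, PCR indices 17 and 18 and all measurement values are constructed, and the SSL transport and the locked video-memory region are out of scope.

```python
import hashlib
import hmac
import secrets

# Golden measurements the bank has validated (constructed sample values, not real
# hashes); PCR indices 17/18 for the DRTM launch chain are an assumption.
APPROVED_HYPERVISOR = b"hypervisor-v1.0"
APPROVED_GUEST_OS = b"bank-guest-os.iso"
PCR_HYPERVISOR, PCR_GUEST_OS, NUM_PCRS = 17, 18, 24


def pcr_extend(current, measurement):
    """TPM extend: new = H(old || H(measurement)); extends are order-sensitive."""
    return hashlib.sha256(current + hashlib.sha256(measurement).digest()).digest()


class SimulatedTPM:
    """Stand-in for the user's TPM. Assumption: the attestation key is an HMAC
    key shared with the bank, standing in for an asymmetric signing key."""

    def __init__(self, attestation_key):
        self._key = attestation_key
        self.pcrs = [b"\x00" * 32] * NUM_PCRS

    def extend(self, index, measurement):
        self.pcrs[index] = pcr_extend(self.pcrs[index], measurement)

    def quote(self, nonce):
        """Quote: sign the PCR composite together with the bank's nonce."""
        sig = hmac.new(self._key, b"".join(self.pcrs) + nonce, hashlib.sha256).digest()
        return list(self.pcrs), nonce, sig


class Bank:
    """Entity side: enrolment (step 152), nonce issuance (162), quote check (164)."""

    def __init__(self):
        self._customers = {}  # user_id -> (attestation key, shared secret)
        self._pending = {}    # user_id -> outstanding nonce
        expected = [b"\x00" * 32] * NUM_PCRS
        expected[PCR_HYPERVISOR] = pcr_extend(expected[PCR_HYPERVISOR], APPROVED_HYPERVISOR)
        expected[PCR_GUEST_OS] = pcr_extend(expected[PCR_GUEST_OS], APPROVED_GUEST_OS)
        self._expected_pcrs = expected

    def enroll(self, user_id, attestation_key, shared_secret):
        self._customers[user_id] = (attestation_key, shared_secret)

    def issue_nonce(self, user_id):
        """The client has sent its marker (user ID) and asked for a nonce."""
        nonce = secrets.token_bytes(20)
        self._pending[user_id] = nonce
        return nonce

    def verify_quote(self, user_id, pcrs, nonce, sig):
        """Return the shared secret only for a fresh, authentic quote that
        attests the approved hypervisor and guest OS; otherwise None."""
        if user_id not in self._customers:
            return None
        key, secret = self._customers[user_id]
        # Freshness: the nonce must be the one issued, and it is consumed here,
        # so a recorded quote presented a second time is rejected.
        if self._pending.pop(user_id, None) != nonce:
            return None
        expected_sig = hmac.new(key, b"".join(pcrs) + nonce, hashlib.sha256).digest()
        if not hmac.compare_digest(expected_sig, sig):
            return None
        return secret if pcrs == self._expected_pcrs else None


def boot_guest(tpm, hypervisor, guest_os):
    """Steps 158-160: DRTM measures the hypervisor, which measures the guest OS."""
    tpm.extend(PCR_HYPERVISOR, hypervisor)
    tpm.extend(PCR_GUEST_OS, guest_os)


def run_session(bank, tpm, user_id):
    """Client side of steps 162-164 (the SSL transport is not modelled)."""
    pcrs, nonce, sig = tpm.quote(bank.issue_nonce(user_id))
    return bank.verify_quote(user_id, pcrs, nonce, sig)


def demo():
    """Honest session, tampered guest image, and a replayed quote."""
    bank = Bank()
    key = secrets.token_bytes(32)
    secret = b"last deposit: 1,234.56 on 03 Sep"  # constructed shared secret
    bank.enroll("alice", key, secret)
    honest = SimulatedTPM(key)
    boot_guest(honest, APPROVED_HYPERVISOR, APPROVED_GUEST_OS)
    tampered = SimulatedTPM(key)  # same user and TPM key, different guest image
    boot_guest(tampered, APPROVED_HYPERVISOR, b"modified-guest-os.iso")
    # Record a valid quote, then present it again against a newly issued nonce.
    recorded = honest.quote(bank.issue_nonce("alice"))
    bank.verify_quote("alice", *recorded)
    bank.issue_nonce("alice")
    replayed = bank.verify_quote("alice", *recorded)
    return {
        "honest": run_session(bank, honest, "alice"),
        "tampered_guest": run_session(bank, tampered, "alice"),
        "replayed_quote": replayed,
    }
```

Only the honest machine receives the secret; the tampered guest produces a validly signed quote whose PCRs do not match, and the replayed quote fails the nonce check before the signature is even considered.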
It is to be understood that the present invention, in accordance with at least one presently preferred embodiment, includes elements that may be implemented on at least one general-purpose computer running suitable software programs. These may also be implemented on at least one Integrated Circuit or part of at least one Integrated Circuit. Thus, it is to be understood that the invention may be implemented in hardware, software, or a combination of both.
If not otherwise stated herein, it is to be assumed that all patents, patent applications, patent publications and other publications (including web-based publications) mentioned and cited herein are hereby fully incorporated by reference herein as if set forth in their entirety herein.
Although illustrative embodiments of the present invention have been described herein with reference to the accompanying drawings, it is to be understood that the invention is not limited to those precise embodiments, and that various other changes and modifications may be effected therein by one of ordinary skill in the art without departing from the scope or spirit of the invention. The scope of the invention will be pointed out in the claims, in which reference to an element in singular is not intended to mean “one and only one” unless explicitly so stated, but rather “one or more.”

Claims (18)

1. A method comprising:
establishing one or more secure identification items with an entity;
accepting an entity Operating System (OS) at one or more guest computing devices responsive to the one or more guest computing devices initiating an online session with one or more entity computing devices, the entity OS comprising one or more applications;
initiating the entity OS as a guest OS on the one or more guest computing devices;
connecting the one or more guest computing devices to the one or more entity computing devices;
sending one or more guest identification items from the one or more guest computing devices to the one or more entity computing devices;
sending the one or more secure identification items from the one or more entity computing devices to the one or more guest computing devices responsive to the one or more entity computing devices receiving the one or more guest identification items;
displaying the one or more secure identification items at the one or more guest computing devices on a display device; and
initiating a Dynamic Root of Trust Measurement (DRTM) session responsive to accepting an entity OS at one or more guest computing devices.
2. The method according to claim 1, wherein initiating a DRTM session comprises entering a password.
3. The method according to claim 1, wherein initiating the entity OS as a guest OS on the one or more guest computing devices comprises obtaining an ISO image from the one or more entity computing devices.
4. The method according to claim 3, wherein the one or more applications are secure applications.
5. The method according to claim 1, wherein connecting the one or more guest computing devices to the one or more entity computing devices further comprises:
connecting through a Secure Sockets Layer (SSL) session;
providing the one or more entity computing devices with a marker; and
requesting a nonce of the one or more entity computing devices.
6. The method according to claim 5, further comprising performing a quote of at least one Platform Configuration Register (PCR) at the one or more guest computing devices.
7. The method according to claim 1, wherein initiating an online session with the one or more entity computing devices comprises employing a Trusted Platform Module (TPM) key.
8. The method according to claim 7, wherein employing a TPM key comprises securing the guest operating system utilizing the TPM key.
9. The method according to claim 1, wherein displaying the one or more secure identification items comprises displaying the one or more secure identification items at a region determined to be in a trusted state.
10. The method according to claim 1, wherein the one or more secure identification items are displayed at the one or more guest computing devices in a trusted state established via locking a video memory in operative connection with the display device.
11. A system comprising:
one or more processors;
a system memory operatively coupled to the one or more processors;
wherein, responsive to execution of computer readable program code accessible to the one or more processors, the one or more processors are configured to:
establish one or more secure identification items with an entity;
accept an entity Operating System (OS) responsive to initiating an online session with one or more entity computing devices, the entity OS comprising one or more applications;
initiate the entity OS as a guest OS;
connect to the one or more entity computing devices;
send one or more guest identification items to the one or more entity computing devices;
receive the one or more secure identification items sent from the one or more entity computing devices, the one or more secure identification items being sent responsive to the one or more entity computing devices receiving the one or more guest identification items;
display the one or more secure identification items on a display device; and
initiate a Dynamic Root of Trust Measurement (DRTM) session responsive to accepting an entity OS.
12. The system according to claim 11, wherein initiating a DRTM session comprises entering a password.
13. The system according to claim 11, wherein initiating the entity OS as a guest OS comprises obtaining an ISO image from the one or more entity computing devices.
14. The system according to claim 13, wherein the one or more applications are secure applications.
15. The system according to claim 11, wherein connecting to the one or more entity computing devices further comprises:
connecting through a Secure Sockets Layer (SSL) session;
providing the one or more entity computing devices with a marker; and
requesting a nonce of the one or more entity computing devices.
16. The system according to claim 11, wherein initiating an online session with the one or more entity computing devices comprises employing a Trusted Platform Module (TPM) key.
17. The system according to claim 11, wherein displaying the one or more secure identification items comprises displaying the one or more secure identification items at a region determined to be in a trusted state.
18. A program storage device readable by machine, tangibly embodying a program of instructions executable by the machine to perform a method comprising the steps of:
establishing one or more secure identification items with an entity;
accepting an entity Operating System (OS) responsive to initiating an online session with one or more entity computing devices, the entity OS comprising one or more applications;
initiating the entity OS as a guest OS;
connecting to the one or more entity computing devices;
sending one or more guest identification items to the one or more entity computing devices;
receiving the one or more secure identification items sent from the one or more entity computing devices, the one or more secure identification items being sent responsive to the one or more entity computing devices receiving the one or more guest identification items;
displaying the one or more secure identification items on a display device; and
initiating a Dynamic Root of Trust Measurement (DRTM) session responsive to accepting an entity OS.
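The exchange of claims 1, 5 and 6, together with the trusted-region display of the description above, as an added simulation that is not part of the patent: the TPM quote is modelled as an HMAC over the nonce and PCR values under an attestation key the entity already trusts, the marker stands in for the guest identification item, and the key, PCR values and shared secret are constructed placeholders.

```python
import hmac, hashlib, os

# Constructed stand-ins: a TPM attestation key the entity trusts, the known-good DRTM PCR
# values for the entity OS image, and the shared secret established at enrollment.
ATTESTATION_KEY = b"constructed-attestation-key"
KNOWN_GOOD_PCRS = {17: "aa" * 20, 18: "bb" * 20}
SHARED_SECRET = "blue-heron-42"

def encode_pcrs(pcrs):
    return b"".join(f"{i}:{v};".encode() for i, v in sorted(pcrs.items()))

class Entity:
    """Bank-side server: releases the shared secret only for a fresh, valid quote."""
    def __init__(self):
        self.sessions = {}
    def issue_nonce(self, marker):
        # Claim 5: guest provides a marker over the SSL session and requests a nonce.
        nonce = os.urandom(16)
        self.sessions[marker] = nonce
        return nonce
    def verify_and_release(self, marker, pcrs, quote):
        # Claim 6 / claim 1: verify the PCR quote, then send the secure identification item.
        nonce = self.sessions.pop(marker, None)   # each nonce is usable once (no replay)
        if nonce is None or pcrs != KNOWN_GOOD_PCRS:
            return None                            # unknown marker, replay, or modified guest OS
        expected = hmac.new(ATTESTATION_KEY, nonce + encode_pcrs(pcrs), hashlib.sha256).digest()
        return SHARED_SECRET if hmac.compare_digest(expected, quote) else None

class Guest:
    """Entity OS running as a guest under DRTM; quotes its PCRs with its attestation key."""
    def __init__(self, pcrs, key=ATTESTATION_KEY):
        self.pcrs, self.key = pcrs, key
    def quote(self, nonce):
        return hmac.new(self.key, nonce + encode_pcrs(self.pcrs), hashlib.sha256).digest()

def run_session(guest, entity, marker="guest-0001"):
    """Both sides' messages in order; returns the secret the guest may display, or None."""
    nonce = entity.issue_nonce(marker)
    return entity.verify_and_release(marker, guest.pcrs, guest.quote(nonce))

def display_in_trusted_region(secret, video_memory_locked):
    # Claim 10: show the secret only in a region whose video memory the hypervisor has locked.
    if secret is None or not video_memory_locked:
        return None
    return f"[trusted region] {secret}"

if __name__ == "__main__":
    print(display_in_trusted_region(run_session(Guest(KNOWN_GOOD_PCRS), Entity()), True))
```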

Priority Applications (2)

Application Number Priority Date Filing Date Title
US11/865,048 US8205248B2 (en) 2007-09-30 2007-09-30 Local verification of trusted display based on remote server verification
CNA2008101616918A CN101436236A (en) 2007-09-30 2008-10-06 Local verification of trusted display based on remote server verification

Publications (2)

Publication Number Publication Date
US20090089875A1 US20090089875A1 (en) 2009-04-02
US8205248B2 true US8205248B2 (en) 2012-06-19

Family

ID=40509957

Country Status (2)

Country Link
US (1) US8205248B2 (en)
CN (1) CN101436236A (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US11500988B2 (en) * 2019-03-08 2022-11-15 International Business Machines Corporation Binding secure keys of secure guests to a hardware security module

Citations (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20020194496A1 (en) * 2001-06-19 2002-12-19 Jonathan Griffin Multiple trusted computing environments
US20060212939A1 (en) * 2005-03-15 2006-09-21 Microsoft Corporation Virtualization of software configuration registers of the TPM cryptographic processor
US20060236127A1 (en) * 2005-04-01 2006-10-19 Kurien Thekkthalackal V Local secure service partitions for operating system security
US20070204166A1 (en) * 2006-01-04 2007-08-30 Tome Agustin J Trusted host platform
US20080072222A1 (en) * 2006-08-31 2008-03-20 International Business Machines Corporation Client outsourcing service
US20080098107A1 (en) * 2006-10-18 2008-04-24 Daniel Horacio Jones Method for notarizing packet traces
US20080163383A1 (en) * 2006-12-29 2008-07-03 Kumar Mohan J Methods and apparatus for authenticating components of processing systems
US7464412B2 (en) * 2003-10-24 2008-12-09 Microsoft Corporation Providing secure input to a system with a high-assurance execution environment
US20100011219A1 (en) * 2006-07-28 2010-01-14 Hewlett-Packard Development Company, L.P. Secure Use of User Secrets on a Computing Platform

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20220350717A1 (en) * 2021-04-30 2022-11-03 Dell Products L.P. Chained loading with static and dynamic root of trust measurements
US11803454B2 (en) * 2021-04-30 2023-10-31 Dell Products L.P. Chained loading with static and dynamic root of trust measurements

Also Published As

Publication number Publication date
US20090089875A1 (en) 2009-04-02
CN101436236A (en) 2009-05-20

Legal Events

Date Code Title Description
AS Assignment

Owner name: LENOVO (SINGAPORE) PTE., LTD., SINGAPORE

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:CHALLENER, DAVID C.;CROMER, DARYL;LOCKER, HOWARD;AND OTHERS;REEL/FRAME:020086/0127

Effective date: 20071001

STCF Information on status: patent grant

Free format text: PATENTED CASE

FPAY Fee payment

Year of fee payment: 4

AS Assignment

Owner name: LENOVO PC INTERNATIONAL, HONG KONG

Free format text: NUNC PRO TUNC ASSIGNMENT;ASSIGNOR:LENOVO (SINGAPORE) PTE LTD.;REEL/FRAME:037160/0001

Effective date: 20130401

MAFP Maintenance fee payment

Free format text: PAYMENT OF MAINTENANCE FEE, 8TH YEAR, LARGE ENTITY (ORIGINAL EVENT CODE: M1552); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY

Year of fee payment: 8

MAFP Maintenance fee payment

Free format text: PAYMENT OF MAINTENANCE FEE, 12TH YEAR, LARGE ENTITY (ORIGINAL EVENT CODE: M1553); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY

Year of fee payment: 12